SHA256: c5af1e0383d10d5405ac7c8dd7332816a5635040c18333c9d191683743d41491
Name: VK.exe
Detections: 47 / 51
Analysis date: 2014-03-30 18:11:41 UTC (4 years, 8 months ago)
Antivirus Result Update
Ad-Aware Win32.Neshta.C 20140330
Yandex Win32.Masha.B 20140329
AhnLab-V3 Win32/Neshta 20140330
AntiVir W32/Delf.I 20140330
Antiy-AVL Virus/Win32.Neshta 20140330
Avast Win32:Apanas [Trj] 20140330
AVG Win32/Selges.D 20140330
Baidu-International Virus.Win32.Neshta.$a 20140330
BitDefender Win32.Neshta.C 20140330
Bkav W32.HanGu.PE 20140329
CAT-QuickHeal W32.Neshta.B 20140330
ClamAV Neshta.B 20140330
CMC Virus.Win32.Neshta!O 20140328
Commtouch W32/HLLP.EPJG-6217 20140330
Comodo Win32.Neshta.B 20140330
DrWeb Win32.HLLP.Neshta 20140330
Emsisoft Win32.Neshta.C (B) 20140330
ESET-NOD32 Win32/Neshta.B 20140330
F-Prot W32/HLLP.41472 20140330
F-Secure Win32.Neshta.C 20140330
Fortinet W32/Delf.L 20140330
GData Win32.Neshta.C 20140330
Ikarus Virus.Win32.Neshta 20140330
Jiangmin Virus.Neshta.b 20140330
K7AntiVirus Virus ( 700000131 ) 20140328
K7GW Virus ( 700000131 ) 20140328
Kaspersky Virus.Win32.Neshta.b 20140330
Kingsoft Win32.Neshta.a.41472 20140330
McAfee W32/HLLP.41472 20140330
McAfee-GW-Edition Heuristic.BehavesLike.Win32.Suspicious.H 20140330
Microsoft Virus:Win32/Neshta.B 20140330
eScan Win32.Neshta.C 20140330
NANO-Antivirus Virus.Win32.Neshta.flln 20140330
Norman Neshta.C 20140330
nProtect Win32.Neshta.C 20140330
Panda W32/Neshta.C 20140330
Qihoo-360 Virus.Win32.Neshta.B 20140330
Rising PE:Win32.Agent.dc!1442607 20140330
Sophos AV W32/Bloat-A 20140330
Symantec W32.Neshuta 20140330
TheHacker W32/Netshta.gen 20140329
TotalDefense Win32/Neshta.C 20140329
TrendMicro TROJ_GEN.F0C2C00AH14 20140330
TrendMicro-HouseCall PE_NESHTA.A 20140330
VBA32 Virus.Win32.Neshta.b 20140328
VIPRE Virus.Win32.Neshta.a (v) 20140330
ViRobot Win32.Neshta.C 20140330
AegisLab 20140330
ByteHero 20140330
Malwarebytes 20140330
SUPERAntiSpyware 20140330
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00008178
Number of sections 8
PE sections
PE imports
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
SetDIBits
GetObjectA
DeleteDC
SelectObject
CreateSolidBrush
GetDIBits
BitBlt
CreateDIBSection
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
StretchDIBits
GetLastError
GetStdHandle
EnterCriticalSection
ReleaseMutex
GetFileAttributesA
FreeLibrary
ExitProcess
GetThreadLocale
GetModuleFileNameA
GetFileSize
RtlUnwind
WinExec
DeleteCriticalSection
GetStartupInfoA
GetLocaleInfoA
LocalAlloc
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
UnhandledExceptionFilter
GetShortPathNameA
GetCommandLineA
CloseHandle
CreateMutexA
SetFilePointer
GetTempPathA
RaiseException
GetModuleHandleA
ReadFile
WriteFile
FindFirstFileA
FindNextFileA
GetCurrentThreadId
SetFileAttributesA
GetDriveTypeA
LocalFree
GetLogicalDriveStringsA
GetLocalTime
InitializeCriticalSection
VirtualFree
FindClose
TlsGetValue
SetEndOfFile
TlsSetValue
CreateFileA
GetVersion
VirtualAlloc
SetCurrentDirectoryA
LeaveCriticalSection
SysReAllocStringLen
SysFreeString
ExtractIconA
ShellExecuteA
ReleaseDC
GetIconInfo
DestroyIcon
FillRect
MessageBoxA
CharLowerBuffA
GetSysColor
GetKeyboardType
GetDC
CopyImage
Number of PE resources by type
RT_RCDATA 2
RT_ICON 1
RT_GROUP_ICON 1
Number of PE resources by language
RUSSIAN 2
NEUTRAL 2
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 1992:06:19 23:22:17+01:00
FileType Win32 EXE
PEType PE32
CodeSize 29696
LinkerVersion 2.25
FileAccessDate 2014:03:30 19:10:58+01:00
EntryPoint 0x8178
InitializedDataSize 10752
SubsystemVersion 4.0
ImageVersion 0.0
OSVersion 4.0
FileCreateDate 2014:03:30 19:10:58+01:00
UninitializedDataSize 0

File identification
MD5 da123da5d02fd6f9d92068323b90799f
SHA1 e0c2f571a04dd256bd56dc86a1f0171e3da6c558
SHA256 c5af1e0383d10d5405ac7c8dd7332816a5635040c18333c9d191683743d41491
ssdeep 1536:yxqjQ+P04wsZLnDrCizLhWtPloXYzL2ndPd:zr8WDrCizLEtPqXYzL2nVd
imphash 9f4693fc0c511135129493f2161d1e86
File size 276.4 KB (282997 bytes)
Type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable Borland Delphi 6 (85.7%)
Win32 EXE Yoda's Crypter (8.6%)
Win32 Dynamic Link Library (generic) (2.1%)
Win32 Executable (generic) (1.4%)
Win16/32 Executable Delphi generic (0.6%)
Tags peexe

VirusTotal metadata
First submission 2014-01-11 13:07:48 UTC (4 years, 11 months ago)
Last submission 2014-03-30 18:11:41 UTC (4 years, 8 months ago)
Names VK.exe
file-6462155_exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Shell commands
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.